Restricting Access to Remote Server Datasets

By default, when you configure a remote server there are
no restrictions on access to its datasets. Thus, any McIDAS-X client with a
client routing table entry for your server (i.e., an entry that maps a group
name that exists on your server to your server's IP address) can access its
data. This section describes how to configure your remote server to restrict
access to all of its datasets, or to specific datasets identified by group
or group/descriptor.

Access to one or more of the server's datasets can be restricted to the following.

There are three types of files used to allow or restrict access
to the server's datasets: Server Files, Group Files, and Group.Descriptor Files.
The files must adhere to these requirements:

The files must reside in a MCPATH or REDIRECT directory
of the remote server account (normally mcadde).

The files are in standard ASCII text format and can be created with any
text editor.

Each file may have any free format comment on each line,
after the required information, which must begin in column 1. At least one
space should separate the required information from the comment.

Lines beginning with an asterisk (*) are considered
comments, and are thus ignored.

Server Files, Group Files, and Group.Descriptor Files are described in further
detail below. Important note: These files are enabled (i.e., perform their
described actions) only if transaction logging is activated. See the previous
section, Activating Transaction Logging on a Remote
Server, for instructions.

Server Files

To be allowed access to all datasets on a server, the user must have a valid
entry in one of the three files listed below, if the file exists. If any of
the files required for validation is missing, that type of validation is not
performed.

SERVER.USR - contains user initials, one per line in uppercase; each record
must be at least four characters long

SERVER.PRJ - contains four-digit project numbers, one per line

Group Files

To be allowed access to all datasets in a particular group on a server, the user
must have a valid entry in one of the three files listed below or one of the
Server Files described above. If any of the files required for validation is
missing, the server will then check if the user is valid based on the Server
Files.

GROUP.USR - contains user initials, one per line in uppercase; each record
must be at least four characters long

GROUP.PRJ - contains four-digit project numbers, one per line

For example, to allow users logged on to McIDAS as user
JOHN access to all datasets in the group GOES, the file GOES.USR must
contain a line that says "JOHN".

The Server Files are used in conjunction with the Group Files. For example,
if the files SERVER.IP and SERVER.PRJ also
exist, the user JOHN must be accessing the data from a valid IP address, and
using a valid project number in those files.

Multiple files with the same extension can also exist. For example, if the MSG.IP and SERVER.IP files
exist, you can configure them to allow IP address 144.92.109.205 access only
to datasets in group MSG while also allowing IP address 128.104.110.92 access
to all datasets. To do so, the file MSG.IP must
contain 144.92.109.205 and file SERVER.IP must
contain 128.104.110.92.
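
As an added example (not part of the McIDAS-X documentation or software), the following Python script checks the contents of an access file against the record rules described above before the file is placed in the server account's directory. It assumes that .IP files hold one IPv4 address per record (inferred from the MSG.IP example), that the four-character minimum for .USR files applies to the whole line, and that blank lines are ignorable; the function name lint_access_file and the sample contents are constructed for illustration.

```python
import ipaddress
import re

def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

# Extension -> (token check, description). USR and PRJ rules are from the page;
# the IP rule (one IPv4 address per record) is inferred from its MSG.IP example.
RULES = {
    "USR": (lambda t: t == t.upper(), "uppercase user initials"),
    "PRJ": (lambda t: re.fullmatch(r"[0-9]{4}", t) is not None, "four-digit project number"),
    "IP": (_is_ipv4, "IPv4 address"),
}

def lint_access_file(filename, text):
    """Return (entries, problems) for the contents of one access file."""
    ext = filename.rsplit(".", 1)[-1].upper()
    if ext not in RULES:
        return [], [(0, "unknown extension ." + ext)]
    check, expected = RULES[ext]
    entries, problems = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("*"):
            continue  # blank line (assumed ignorable) or asterisk comment
        if line[0].isspace():
            problems.append((lineno, "record must begin in column 1"))
            continue
        token = line.split()[0]  # text after the first space is a free-format comment
        if ext == "USR" and len(line) < 4:
            problems.append((lineno, "record shorter than four characters"))
        elif check(token):
            entries.append(token)
        else:
            problems.append((lineno, f"{token!r}: expected {expected}"))
    return entries, problems

# Constructed sample contents; the names and addresses are the page's own examples.
SAMPLE = {
    "GOES.USR": "* users allowed to read group GOES\nJOHN operations desk\njohn\n JANE\nAB\n",
    "MSG.IP": "144.92.109.205 MSG-only client\n144.92.109\n",
    "SERVER.PRJ": "1234\n12345\n",
}

if __name__ == "__main__":
    for name, text in SAMPLE.items():
        print(name, *lint_access_file(name, text), sep="\n  ")
```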

Group.Descriptor Files

To be allowed access to a particular dataset (group and descriptor, e.g., GOES/CONUS)
on a server, the user must have a valid entry in one of the three files listed
below or one of the files described above. If any of the files required for validation
is missing, the server will then check if the user is valid based on the Server
Files and Group Files.